RSA 2015 – Lessons from 1919

We attended the RSA Conference in San Francisco this week.  There were two giant convention halls filled with latest in information security.  In addition to the in-booth presentations, there were continuous presentations and panels discussing security.  Jeh Johnson, the Secretary of the Department of Homeland Security, was a keynote speaker. Yet, in this sea of the new, the most interesting thing was something patented almost a century ago. In the NSA’s booth (yes, that NSA) was this:

A wooden box about the size of a toaster oven — an Enigma machine.  Learn more at our new blog.

APT30 – Decades Long Cyberattack

This week, FireEye released their latest APT report – APT30: The Mechanics Behind a Decade Long Cyber Espionage Operation.  The sub-title summarizes the findings: How a Cyber Threat Group Exploited Governments and Commercial Entities across Southeast Asia and India for over a Decade.

What are the surprises in APT30? There are no surprises in APT30.  The bad guys engage in anti-forensics to avoid detection. APT30 tells us that the bad guys use spearphishing to make their initial infiltration:

APT30 LEVERAGES MAJOR POLITICAL TRANSITION AS PHISHING LURE CONTENT IN CAMPAIGN GEARED TO KEY POLITICAL STAKEHOLDERS

This is a sample of the lures used to trick users into compromising their systems:

Source: FireEye APT30

Learn more at our new blog.

Russians Access President’s Schedule

Russian hackers used compromised systems at the Executive Office of the President to access the President’s schedule.

How could Russian hackers get to the President’s schedule? Learn how at our new blog.

Cybersecurity Is No Joke – It Is A National Emergency

On April Fools’ Day President Obama issued an executive order entitled, “BLOCKING THE PROPERTY OF CERTAIN PERSONS ENGAGING IN SIGNIFICANT MALICIOUS CYBER-ENABLED ACTIVITIES.” This was not an April Fools’ prank.

Learn more at our new blog.